Zomato data breached: 17 million user records stolen

Restaurant finder Zomato just revealed some shocking information: 17 million user records from its database were stolen. The stolen information has user email addresses and hashed passwords.

“Payment-related information on Zomato is stored separately from this (stolen) data in a highly secure PCI Data Security Standard (DSS) compliant vault. No payment information or credit card data has been stolen/leaked,” the company announced.

It also added that passwords stored with Zomato are encrypted and “so the sanctity of your password is intact in case you use the same password for other services.” Nevertheless, it advised users to change their password.

“So far, it looks like an internal (human) security breach – some employee’s development account got compromised,” the company said.

Zomato is one of India’s best known startups. It is present in 23 countries around the world, entering most of them by acquiring a local startup. Over 120 million users visit Zomato every month.

“We’ll be further enhancing security measures for all user information stored within our database. A layer of authorization will be added for internal teams having access to this data to avoid the possibility of any human breach,” the company said today.